CVSS3

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | LOW |
User Interaction | REQUIRED |
Scope | CHANGED |
Confidentiality Impact | LOW |
Integrity Impact | LOW |
Availability Impact | NONE |

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
AI Score
Confidence: High
EPSS
Percentile: 22.7%
An attacker with basic business user privileges could craft and upload a malicious file to SAP NetWeaver Application Server ABAP, which is then downloaded and viewed by other users resulting in a stored Cross-Site-Scripting attack. This could lead to information disclosure including stealing authentication information and impersonating the affected user.
Vendor | Product | Version | CPE |
---|---|---|---|
sap | netweaver_application_server_abap | 7.22ext | cpe:2.3:a:sap:netweaver_application_server_abap:7.22ext:*:*:*:*:*:*:* |
sap | netweaver_application_server_abap | 7.49 | cpe:2.3:a:sap:netweaver_application_server_abap:7.49:*:*:*:*:*:*:* |
sap | netweaver_application_server_abap | 7.53 | cpe:2.3:a:sap:netweaver_application_server_abap:7.53:*:*:*:*:*:*:* |
sap | netweaver_application_server_abap | 7.54 | cpe:2.3:a:sap:netweaver_application_server_abap:7.54:*:*:*:*:*:*:* |
sap | netweaver_application_server_abap | 7.77 | cpe:2.3:a:sap:netweaver_application_server_abap:7.77:*:*:*:*:*:*:* |
sap | netweaver_application_server_abap | 7.81 | cpe:2.3:a:sap:netweaver_application_server_abap:7.81:*:*:*:*:*:*:* |
sap | netweaver_application_server_abap | 7.85 | cpe:2.3:a:sap:netweaver_application_server_abap:7.85:*:*:*:*:*:*:* |
sap | netweaver_application_server_abap | 7.89 | cpe:2.3:a:sap:netweaver_application_server_abap:7.89:*:*:*:*:*:*:* |
sap | netweaver_application_server_abap | kernel_7.22 | cpe:2.3:a:sap:netweaver_application_server_abap:kernel_7.22:*:*:*:*:*:*:* |
sap | netweaver_application_server_abap | krnl64nuc_7.22 | cpe:2.3:a:sap:netweaver_application_server_abap:krnl64nuc_7.22:*:*:*:*:*:*:* |
[
  {
    "product": "SAP NetWeaver AS ABAP",
    "vendor": "SAP SE",
    "versions": [
      {
        "status": "affected",
        "version": "KRNL64NUC 7.22"
      },
      {
        "status": "affected",
        "version": "7.22EXT"
      },
      {
        "status": "affected",
        "version": "7.49"
      },
      {
        "status": "affected",
        "version": "KRNL64UC 7.22"
      },
      {
        "status": "affected",
        "version": "7.53"
      },
      {
        "status": "affected",
        "version": "KERNEL 7.22"
      },
      {
        "status": "affected",
        "version": "7.77"
      },
      {
        "status": "affected",
        "version": "7.81"
      },
      {
        "status": "affected",
        "version": "7.85"
      },
      {
        "status": "affected",
        "version": "7.89"
      },
      {
        "status": "affected",
        "version": "7.54"
      }
    ]
  }
]